{"id":92840,"date":"2023-06-14T06:45:00","date_gmt":"2023-06-14T06:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=92840"},"modified":"2023-06-14T06:45:00","modified_gmt":"2023-06-14T06:45:00","slug":"clops-moveit-ransom-deadline-expires","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92840","title":{"rendered":"Clop\u2019s MOVEit ransom deadline expires"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/06\/clops-moveit-ransom-deadline-expires.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The deadline set by the Clop cyber crime gang for victims whose data was exfiltrated in <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/podcast\/Risk-Repeat-MoveIt-Transfer-flaw-triggers-data-breaches\">a mass breach of Progress Software\u2019s MOVEit Transfer tool<\/a> to contact the criminals to negotiate a ransom passes today (14 June).<\/p>\n<p>The gang has hit multiple users of the MOVEit managed file transfer product via a SQL injection vulnerability <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/366539035\/Zero-day-vulnerability-in-MoveIt-Transfer-under-attack\">since the end of May<\/a>, stealing personal data on hundreds of thousands of people, a great many of them in the UK. It is not known to have executed its ransomware locker in any of the publicly disclosed cases, but instead intends to extort money from its victims in return for not publishing the stolen data.<\/p>\n<p>Known victims in the UK <a href=\"https:\/\/www.computerweekly.com\/news\/366539413\/Victims-of-MOVEit-SQL-injection-zero-day-mount-up\">include the BBC, Boots, British Airways<\/a>, EY <a href=\"https:\/\/www.computerweekly.com\/news\/366541003\/Ofcom-data-stolen-in-MOVEit-cyber-attack\">and Ofcom<\/a>. Many of these organisations have been targeted through third-party IT suppliers and other contractors, notably HR and payroll software supplier Zellis. 
<a href=\"https:\/\/www.computerweekly.com\/news\/366539753\/Extreme-Networks-emerges-as-victim-of-Clop-MOVEit-attack\">Extreme Networks is also known to have been targeted<\/a>, but has otherwise maintained its silence. Multiple other victims have been reported in Canada, Ireland, Malaysia and the US.<\/p>\n<p>At the time of writing, no data had yet been published, and <a href=\"https:\/\/www.sonicwall.com\/\">SonicWall<\/a> EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang\u2019s threats and grandstanding.<\/p>\n<p>\u201cAs the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks,\u201d said Starkey.<\/p>\n<p>\u201cOn the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks.<\/p>\n<p>\u201cAt this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident,\u201d he said.<\/p>\n<p>Alex Hinchcliffe, a threat intelligence analyst at <a href=\"https:\/\/unit42.paloaltonetworks.com\/\">Palo Alto Networks\u2019 Unit 42<\/a>, said it was likely that Clop would follow through on its threats if its victims do not cooperate.<\/p>\n<p>\u201cHaving tracked this group since 2021, we know they are extremely aggressive. When victims don\u2019t pay the ransom or ignore threats, their confidential data is publicly exposed. 
The threat actors behind Clop also leverage a variety of extortion techniques, such as targeting workstations of top executives, doxxing employees and advertising their breaches to reporters,\u201d he said.<\/p>\n<p>\u201cWhile the number of exposed servers appears low, the current tally of prestigious victims confirms how this group has graduated from ransomware delivered through malicious spam to being used in targeted campaigns against high-profile organisations.\u201d<\/p>\n<p>The roster of UK organisations that have suffered data breaches in the wake of the MOVEit incident is continuing to grow, with <a href=\"https:\/\/tfl.gov.uk\/\">Transport for London<\/a> (TfL) confirmed as a victim.<\/p>\n<p>The organisation, which runs bus and tube services across the capital, said it was compromised via a contractor who used the MOVEit software \u2013 although it has previously <a href=\"https:\/\/www.computerworld.com\/article\/3418856\/transport-for-london-deploys-secure-file-transfer-system.html\">counted itself among Progress\u2019 customers<\/a>.<\/p>\n<p>A TfL spokesperson told the BBC: \u201cThe issue has been fixed and the IT systems have been secured. 
The data in question did not include banking details and we are writing to all of those involved to make them aware of the incident.\u201d<\/p>\n<p>Those being notified comprise approximately 13,000 drivers whose data was held by the undisclosed contractor in a database of information on people who had paid either London\u2019s Congestion Charge, or to operate an older, more polluting vehicle within the Ultra Low Emission Zone (ULEZ) \u2013 an area bounded by the North and South Circular roads.<\/p>\n<p>TfL additionally said that no data on any of its passengers \u2013 who make approximately 2.5 billion trips every year \u2013 had been compromised.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The deadline set by the Clop cyber crime gang for victims whose data was exfiltrated in a mass breach of Progress Software\u2019s MOVEit Transfer tool to contact the criminals to negotiate a ransom passes today (14 June). The gang has hit multiple users of the MOVEit managed file transfer product via a SQL injection vulnerability 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":92841,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-92840","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92840"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92840\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92841"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}